CISA confirms hackers are actively exploiting critical ‘Citrix Bleed 2’ bug

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has raised alarms about a critical vulnerability within a popular Citrix product, warning that cybercriminals are currently exploiting this flaw. Federal agencies have been given a tight deadline of just one day to secure their systems against this threat. This security flaw, labeled “Citrix Bleed 2” by researchers, shares characteristics with a previously identified issue in Citrix NetScaler from 2023. This networking solution is crucial for enabling remote access to applications and resources for large organizations and government entities. The vulnerability allows hackers to remotely extract sensitive credentials from infected NetScaler devices, providing them with broader access to internal networks. In a statement released on Thursday, CISA indicated that there is concrete evidence of this vulnerability being actively utilized in hacking operations. The agency's warning aligns with a growing body of research that highlights extensive exploitation of this flaw, with reports suggesting some attacks may have been occurring since mid-June. Akamai, a cybersecurity firm, noted a significant surge in scanning activities directed at the internet for vulnerable devices following the disclosure of the NetScaler exploit earlier this week. CISA has classified the NetScaler flaw as presenting a “significant risk” to federal systems, mandating that all affected Citrix devices be patched by Friday. While Citrix has yet to confirm the exploitation of this vulnerability, the company has issued a security advisory urging users to update their devices promptly. However, as of now, Citrix representatives have not provided comments in response to inquiries from TechCrunch.